The North American Electric Reliability Corporation (NERC), Atlanta, announced that its Electric Information Sharing and Analysis Center (E-ISAC) is partnering with the U.S. Department of Energy to expand its Cybersecurity Risk Information Sharing Program (CRISP) to include operational technology. The CRISP expansion, which will include two operational technology pilots, will improve E-ISAC capabilities in a way that will strengthen grid security in North America.
“The purpose of the new pilots is to identify potential cyber threats to utilities’ industrial control systems by capturing raw and/or refined operational technology data and comparing it to CRISP information technology data,” NERC said.
“The CRISP operational pilots are an important advance in E-ISAC capabilities and reflect a maturation of our partnership with DOE,” said Frank Honkus, E-ISAC’s associate director of intelligence programs and CRISP manager. “These pilots will help the E-ISAC meet its core responsibility of advising utilities on the detection and mitigation of industrial control system threats from the most advanced and persistent international adversaries.”
Under the first pilot, E-ISAC analysts will leverage operational technology sensors that are already installed across the electrical industry to identify anomalous or potentially malicious cyber behavior.
The objective of the second pilot, which is primarily funded by DOE, is to gain unique cybersecurity insights from the correlation and analysis of CRISP information technology data and operational technology data from Essence program, which is funded by the DOE and led by the National Rural Electric Cooperative Association (NRECA), Arlington, Va. Essence uses sophisticated real-time anomaly detection to identify and warn of possible network breaches. This pilot will expand to include five utility members of NRECA, and the Essence program will be expanded to include the CRISP community.
In addition to the two operational technology pilots, the DOE’s Pacific Northwest National Laboratory (PNNL), Richland, Wash., and E-ISAC will improve CRISP through a new information technology project that will facilitate detection of anomalous and malicious activity on utilities’ business networks. E-ISAC manages CRISP under an agreement with PNNL, which installs network monitoring equipment at participating utilities and supports CRISP analysis that E-ISAC produces for asset owners and operators across North America.